linux/net
Catherine Zhang 877ce7c1b3 [AF_UNIX]: Datagram getpeersec
This patch implements an API whereby an application can determine the
label of its peer's Unix datagram sockets via the auxiliary data mechanism of
recvmsg.

Patch purpose:

This patch enables a security-aware application to retrieve the
security context of the peer of a Unix datagram socket.  The application
can then use this security context to determine the security context for
processing on behalf of the peer who sent the packet.

Patch design and implementation:

The design and implementation is very similar to the UDP case for INET
sockets.  Basically we build upon the existing Unix domain socket API for
retrieving user credentials.  Linux offers the API for obtaining user
credentials via ancillary messages (i.e., out of band/control messages
that are bundled together with a normal message).  To retrieve the security
context, the application first indicates to the kernel such desire by
setting the SO_PASSSEC option via getsockopt.  Then the application
retrieves the security context using the auxiliary data mechanism.

An example server application for Unix datagram socket should look like this:

toggle = 1;
toggle_len = sizeof(toggle);

setsockopt(sockfd, SOL_SOCKET, SO_PASSSEC, &toggle, &toggle_len);
recvmsg(sockfd, &msg_hdr, 0);
if (msg_hdr.msg_controllen > sizeof(struct cmsghdr)) {
    cmsg_hdr = CMSG_FIRSTHDR(&msg_hdr);
    if (cmsg_hdr->cmsg_len <= CMSG_LEN(sizeof(scontext)) &&
        cmsg_hdr->cmsg_level == SOL_SOCKET &&
        cmsg_hdr->cmsg_type == SCM_SECURITY) {
        memcpy(&scontext, CMSG_DATA(cmsg_hdr), sizeof(scontext));
    }
}

sock_setsockopt is enhanced with a new socket option SOCK_PASSSEC to allow
a server socket to receive security context of the peer.

Testing:

We have tested the patch by setting up Unix datagram client and server
applications.  We verified that the server can retrieve the security context
using the auxiliary data mechanism of recvmsg.

Signed-off-by: Catherine Zhang <cxzhang@watson.ibm.com>
Acked-by: Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-29 16:58:06 -07:00
..
802 [TR]: Remove an unused export. 2006-05-16 15:23:40 -07:00
8021q [NET]: Replace skb_pull/skb_postpull_rcsum with skb_pull_rcsum 2006-03-20 22:43:56 -08:00
appletalk [NET]: Fix ipx/econet/appletalk/irda ioctl crashes 2006-03-28 17:02:43 -08:00
atm [ATM]: atm/mpc.c warning fix 2006-06-26 00:01:58 -07:00
ax25 [AX.25]: Eleminate HZ from AX.25 kernel interfaces 2006-05-03 23:27:16 -07:00
bluetooth Merge git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/devfs-2.6 2006-06-29 14:19:21 -07:00
bridge [NET]: Added GSO header verification 2006-06-29 16:57:53 -07:00
core [AF_UNIX]: Datagram getpeersec 2006-06-29 16:58:06 -07:00
dccp [PATCH] clean up default value of IP_DCCP_ACKVEC 2006-06-23 07:43:04 -07:00
decnet [NETLINK]: Encapsulate eff_cap usage within security framework. 2006-06-29 16:57:55 -07:00
econet [ECONET]: Convert away from SOCKOPS_WRAPPED 2006-03-28 17:02:43 -08:00
ethernet [NET]: Eliminate unused /proc/sys/net/ethernet 2006-06-05 15:34:11 -07:00
ieee80211 [PATCH] wireless: correct dump of WPA IE 2006-06-15 15:48:14 -04:00
ipv4 [TCP]: Export accept queue len of a TCP listening socket via rx_queue 2006-06-29 16:57:57 -07:00
ipv6 [TCP]: Export accept queue len of a TCP listening socket via rx_queue 2006-06-29 16:57:57 -07:00
ipx [IPX]: Endian bug in ipxrtr_route_packet() 2006-06-17 21:30:24 -07:00
irda [PATCH] devfs: Remove the tty_driver devfs_name field as it's no longer needed 2006-06-26 12:25:09 -07:00
key [LSM-IPsec]: SELinux Authorize 2006-06-17 21:29:45 -07:00
lapb [NET]: Kill skb->list 2005-08-29 15:31:14 -07:00
llc [LLC]: Fix double receive of SKB. 2006-06-17 21:29:19 -07:00
netfilter [NETLINK]: Encapsulate eff_cap usage within security framework. 2006-06-29 16:57:55 -07:00
netlink [NETLINK]: Encapsulate eff_cap usage within security framework. 2006-06-29 16:57:55 -07:00
netrom [NETROM]: Fix possible null pointer dereference. 2006-06-26 00:05:23 -07:00
packet [NET]: Fix some whitespace issues in af_packet.c 2006-01-23 16:28:02 -08:00
rose [NETROM/ROSE]: Kill module init version kernel log messages. 2006-05-05 17:19:26 -07:00
rxrpc [PATCH] net/rxrpc: use list_move() 2006-06-26 09:58:17 -07:00
sched [NET]: Add generic segmentation offload 2006-06-23 02:07:31 -07:00
sctp [SCTP]: sctp_unpack_cookie() fix 2006-06-20 03:26:14 -07:00
sunrpc [PATCH] spin/rwlock init cleanups 2006-06-27 17:32:39 -07:00
tipc [PATCH] spin/rwlock init cleanups 2006-06-27 17:32:39 -07:00
unix [AF_UNIX]: Datagram getpeersec 2006-06-29 16:58:06 -07:00
wanrouter [WAN]: Remove broken and unmaintained Sangoma drivers. 2006-04-11 17:28:33 -07:00
x25 [X25]: fix for spinlock recurse and spinlock lockup with timer handler 2006-04-29 18:33:11 -07:00
xfrm [NETLINK]: Encapsulate eff_cap usage within security framework. 2006-06-29 16:57:55 -07:00
compat.c [NETFILTER]: iptables 32bit compat layer 2006-04-01 02:25:19 -08:00
Kconfig [SECMARK]: Add secmark support to core networking. 2006-06-17 21:29:57 -07:00
Makefile [TIPC] Initial merge 2006-01-12 14:06:31 -08:00
nonet.c [PATCH] Make most file operations structs in fs/ const 2006-03-28 09:16:06 -08:00
socket.c [PATCH] VFS: Permit filesystem to override root dentry on mount 2006-06-23 07:42:45 -07:00
sysctl_net.c [NET]: Eliminate unused /proc/sys/net/ethernet 2006-06-05 15:34:11 -07:00
TUNABLE Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00